Hi, all:

I centralize many different log files (such as www, ftp, vpn, syslog, firewall, ids log files, etc.) to a log server. I wanna find some information related to an intruder or attacker from those log files. What are the tools where the correlation between all the logs came to the rescue in finding/tracking the hacker/culprit, when the individual log report study was showing a NO ATTACK case? What tools helped make correlation easy, and how? What are the best practices to read all these reports together and get a threat alarm in case there is any? Is there any article or paper on log correlation analysis?

Regards,
Tony

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
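The case the post describes, one host that looks harmless in each log but suspicious across them, as an added example that is not part of the original message or any list member's tool: normalize firewall, web and IDS lines (constructed samples, all assumed to share one clock and timezone) into a common event tuple, then raise an alert for any source IP seen in two or more distinct logs inside a ten-minute window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the original post): three log sources.
# Read alone, none crosses an obvious threshold; together they point at one host.
FIREWALL = [
    "2002-11-12 08:01:05 DENY TCP 203.0.113.7:51000 -> 192.0.2.10:22",
    "2002-11-12 08:01:09 DENY TCP 203.0.113.7:51001 -> 192.0.2.10:3306",
    "2002-11-12 08:30:00 DENY TCP 198.51.100.5:4000 -> 192.0.2.10:445",
]
WWW = [
    '203.0.113.7 - - [12/Nov/2002:08:03:10 -0800] "GET /admin HTTP/1.0" 404 221',
    '198.51.100.9 - - [12/Nov/2002:08:04:00 -0800] "GET /index.html HTTP/1.0" 200 512',
]
IDS = ["2002-11-12 08:05:42 [alert] WEB-MISC /admin probe 203.0.113.7 -> 192.0.2.10"]

FW_RE = re.compile(r"^(\S+ \S+) (\w+) \w+ (\d+\.\d+\.\d+\.\d+):\d+ ->")
WWW_RE = re.compile(r'^(\d+\.\d+\.\d+\.\d+) .*\[([^\]]+)\] "[^"]*" (\d{3})')
IDS_RE = re.compile(r"^(\S+ \S+) \[alert\] (.*?) (\d+\.\d+\.\d+\.\d+) ->")

def normalize():
    """Parse every source into a common (time, source, src_ip, detail) tuple."""
    events = []
    for line in FIREWALL:
        ts, action, ip = FW_RE.match(line).groups()
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "firewall", ip, action))
    for line in WWW:
        ip, ts, status = WWW_RE.match(line).groups()
        t = datetime.strptime(ts.split()[0], "%d/%b/%Y:%H:%M:%S")  # offset assumed local
        events.append((t, "www", ip, status))
    for line in IDS:
        ts, sig, ip = IDS_RE.match(line).groups()
        events.append((datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), "ids", ip, sig))
    return sorted(events)

def correlate(events, window=timedelta(minutes=10), min_sources=2):
    """Alert on any source IP seen in >= min_sources distinct logs within window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[2]].append(ev)
    alerts = {}
    for ip, evs in by_ip.items():
        for i, first in enumerate(evs):
            sources = {e[1] for e in evs[i:] if e[0] - first[0] <= window}
            if len(sources) >= min_sources:
                alerts[ip] = sorted(sources)
                break
    return alerts
```

Running `correlate(normalize())` flags only 203.0.113.7 (firewall denies, a 404 probe and an IDS hit within minutes); the two hosts that appear in a single log each stay below the bar.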
This archive was generated by hypermail 2b30 : Tue Nov 12 2002 - 08:15:27 PST